ckeditor4-dev@4.15.0 vulnerabilities
The development version of CKEditor - JavaScript WYSIWYG web text editor.
- latest version: 4.16.0
- latest non vulnerable version:
- first published: 5 years ago
- latest version published: 4 years ago
- licenses detected: (GPL-2.0-or-later OR LGPL-2.1 OR MPL-1.1)>=0
Direct Vulnerabilities
Known vulnerabilities in the ckeditor4-dev package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
ckeditor4-dev is a configurable WYSIWYG HTML editor. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the Autolink plugin, triggered by persuading a victim to paste crafted URL-like text into the editor and then press Enter or Space. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | <4.16.0 |
ckeditor4-dev is a configurable WYSIWYG HTML editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) by persuading a victim to paste specially crafted HTML code into the Color Button dialog. How to fix Cross-site Scripting (XSS)? Upgrade | <4.15.1 |